Centralized Data Source Management in a Federated Environment

Is there a way to prevent individual users to add data elements to the data layer without preventing them from accessing preexisting data elements for their tags & load rules? The idea is to create a centralized model for all new data sources that goes through a governing authority.

Centralized Data Source Management in a Federated Environment

Brian, Josh is spot on with his post. I would utilize resource locks to keep your data layer protected, or I guess "locked". This allows anyone to use the items for rules, mapping, etc but only allows the users with the specific lock permissions to edit the data layer items.

If you think it's needed, we could add an additional level of permissions around creating data layer elements, load rules, etc. But candidly we wanted to have a simpler, more flexible security model utilizing labels and locks rather than having dozens of permission checkboxes.

We could also potentially add action type filters to the "Versions" tab that allowed operators to look for tag additions/removals, template updates, data layer items, etc. This would at least allow you to audit your team and their activity at a more granular level.

Centralized Data Source Management in a Federated Environment

Brian, your best option would be to utilize resource locks on a label in the data layer. Any elements in the data layer will be accessible to all users but the resource lock would prevent anyone from being able to modify the data source that does not have the appropriate privileges. This solution, however, does not prevent the addition of a new data source. I will suggest this as a feature enhancement to the development team.

Centralized Data Source Management in a Federated Environment

Thank you Josh. We will be applying resource locks at the data source level. Hi Mike: Having the any additional auditing capabilities is a win for us. We want to monitor any sensitive data that is being added to our data layer.